How School Wireless Networks CAN support student owned mobile devices
The growing presence of smart phones and student owned mobile devices (iPhones, iPads, Android, etc.) in K-12 schools is a major concern for IT Directors and school administrators everywhere. It’s one of those things that everyone knows is there, but don’t know how to control. So most schools adopt a “no cell phone” policy and don’t allow students to bring their own mobile devices to school. Most administrators do this because of the very real risk of viruses from those devices and no way to enforce the CIDA law that requires K-12 Schools have appropriate content filtering.
But when schools are already short on funding does this strategy make sense? What if parents want to provide mobile devices (laptops, tablets, iPads) for their students to use in school? And what about teachers who bring in their personal laptops and iPads; if the school can’t afford to buy them, shouldn’t they at least be able to bring their own?
If there was no way to build a wireless network for schools to address these issues then the no mobile device policy would make sense. But the reality is that you can design a secure wireless network for K-12 schools, here’s what you need:
1) Defined Policies by User Groups- it helps to break down the types of users into groups (i.e. Student, Faculty/Staff, and Guests). Policies should include the types of devices the group is allowed to use, and what type of applications they are allowed to access both internally and on the web.
2) Directory Services/Device Registry- You’ll need to have a data base of the users, the user groups, and the devices that are registered to the users. Then who owns the devices, either the school, or someone else- the student or teacher in most cases.
3) Role Based Network Access Control- Your wireless network must be able to look at the person accessing the network and see that they are assigned to a specific user group. Then it must assign the policy for that group to the user. For example: a student is allowed to connect to the wireless network, but only access the internet gateway or their personal storage space on the internal network.
4) Application Level Filtering & Control- “next-generation firewalls” know what applications your users are using and what sites they are trying to access. This is cool because you can write a policy for the groups of users that relates to what they do online including how much bandwidth they are allowed to use. For example: your policy may be that students can access YouTube and Moodle, but no facebook. And each student can only use 500kbps of bandwidth/student when on YouTube. A policy for teachers may be that they can access Facebook, but can’t post messages during school hours. …the possibilities are endless.
5) Anti-Virus- It’s difficult to enforce that each student owned device have Anti-Virus loaded on it without scanning each device individually (which is cumbersome). But you can build the network infrastructure that forces traffic to run through an appliance that can stop the virus from going anywhere, and blacklist the user if it sees any behavior that looks like a virus or malicious activities. This can be even be done with the same firewall appliance described above.
Of course building this system requires multiple products and plenty of expertise, but if every school system worked with an IT Solutions Provider to build Secure Wireless LAN’s with these features, it would allow for better and more flexible network access for mobile devices in the classroom. Is there a downside to that?
Philip is the founder and CEO of SecurEdge Networks. He’s the consummate strategist and frequently writes for the strategy blog. You can follow him at @philipwegner